Monday, January 4, 2010

This article comes by way of friend and colleague Nancy Thorp. Since I didn't know much about the technological side of forensic science, Nancy got this information from the Federal Bureau of Investigation and its press releases. I'm happy to share that with you here!

When FBI agents are on the trail of suspected terrorists, with appropriate legal approval they can access suspects’ e-mail, telephone calls, text messages, and even computer hard drives. But what do they do with those millions of pieces of digital data? How can all that raw intelligence be organized, analyzed, and shared to help stop a terrorist plot before it’s too late?

The answer to those questions can be found within the FBI Special Technologies and Applications Office (STAO). In the high-stakes arena of national security, STAO is one of the FBI's most technologically advanced players.

Using custom-designed tools and computer applications so innovative they are sometimes beyond state of the art, STAO’s specialty is teasing out critical information — a hidden video file on a hard drive, a key connection among tens of thousands of e-mails — from almost any form of electronic media. Where digital evidence is concerned, STAO Section Chief Christopher (Todd) Doss explained, “We find the needle in the haystack.”

Created in the late 1990s and dramatically enhanced as a result of 9/11, the office consists of more than 200 people with expertise in various digital disciplines. In addition to Bureau personnel, the team collaborates with some of the brightest computer scientists from private industry, academia, and other government agencies.

The primary goal of STAO is to provide investigators with tools to manage and analyze large volumes of digital intelligence and cross-correlate it, making it available to FBI personnel all over the world and to FBI partners in the law enforcement and intelligence communities. Is a piece of data from a cell phone in Southeast Asia linked to a terrorism case in Seattle? STAO applications can help connect the dots.

Some of STAO’s capabilities include:

Visual Analysis. Finding patterns among enormous amounts of related data exchanged among suspects is a huge challenge. Instead of wading through vast lists of such data in a traditional text-based way, such as in a spreadsheet, STAO created a visual solution called FANTOM. It allows agents and analysts to examine connections visually in three dimensions. Each suspect's data relationship is represented on a large computer monitor by a single point, or "node." Lines, or "edges," between nodes indicate one or more communications made between suspects using a particular method. Using FANTOM, agents find answers to important questions — "Which nodes were most active and most central to all the communications?" "What communications were made at a particular date and time?" Or, "If two suspects exchanged text messages before planting an IED (Improvised Explosive Device), who else were they texting?" This cutting-edge visual application enables the kind of interactive computing that can provide vital intelligence to investigators.

Malicious code analysis. STAO’s experts on malicious software — malware — work closely with the FBI Cyber Division on matters including computer intrusions. These experts are often called upon to testify in child pornography cases when defendants claim that a computer virus was responsible for downloading child porn to their computers. “We can tell if that was indeed the case,” an agent explained. (See: http://technet.microsoft.com/en-us/library/dd632948.aspx for a definition and FAQs about malware.)

Data management. STAO maintains powerful, easy-to-use systems that can store seized digital files including text, audio, video, and photos. Approved users can search, filter, and share case information with others in the intelligence community — an invaluable tool in the FBI's fight against terrorism.

“The bottom line,” said one STAO official, “is that our office helps the Bureau and others do their jobs. And whenever we can help catch the bad guy on the criminal side, or provide intelligence on the counter-terrorism side, that’s what we’re here for.”